Source Code Enumeration Detection by Keyword
Detects source code enumeration that use GET requests by keyword searches in URL strings
Sigma rule (View on GitHub)
1title: Source Code Enumeration Detection by Keyword
2id: 953d460b-f810-420a-97a2-cfca4c98e602
3status: test
4description: Detects source code enumeration that use GET requests by keyword searches in URL strings
5references:
6 - https://pentester.land/tutorials/2018/10/25/source-code-disclosure-via-exposed-git-folder.html
7 - https://medium.com/@logicbomb_1/bugbounty-how-i-was-able-to-download-the-source-code-of-indias-largest-telecom-service-52cf5c5640a1
8author: James Ahearn
9date: 2019-06-08
10modified: 2022-10-05
11tags:
12 - attack.discovery
13 - attack.t1083
14logsource:
15 category: webserver
16detection:
17 keywords:
18 - '.git/'
19 condition: keywords
20fields:
21 - client_ip
22 - vhost
23 - url
24 - response
25falsepositives:
26 - Unknown
27level: medium
References
Related rules
- Capabilities Discovery - Linux
- Cisco Discovery
- DirLister Execution
- File and Directory Discovery - MacOS
- PUA - Seatbelt Execution